[SECURITY] [DLA 2365-1] netty-3.9 security update

Debian LTS Advisory DLA-2365-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 04, 2020 https://wiki.debian.org/LTS Package : netty-3.9 Version : 3.9.9.Final-1+deb9u1 CVE ID : CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 Debian Bug : 941266 950966...

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444)

Summary Netty is used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security, caused by non-proper handling of...

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

Security Bulletin: Multiple vulnerabilities in netty affect IBM Operations Analytics Predictive Insights (CVE-2019-20445, CVE-2019-20444)

Summary Netty is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Netty within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that...

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

GHSA-P2V9-G2QV-P635 HTTP Request Smuggling in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

DEBIAN-CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

UBUNTU-CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...